From 7d23b1d1e1126af9f2fc967d02e54f77313221a8 Mon Sep 17 00:00:00 2001
From: 17ms <79069176+17ms@users.noreply.github.com>
Date: Fri, 22 Dec 2023 16:19:43 +0200
Subject: [PATCH] poc payload
---
payload/payload.c | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 payload/payload.c
diff --git a/payload/payload.c b/payload/payload.c
new file mode 100644
index 0000000..ba4fbc4
--- /dev/null
+++ b/payload/payload.c
@@ -0,0 +1,29 @@
+#include
+
+#ifdef BUILD_DLL
+#define DLL_EXPORT __declspec(dllexport)
+#else
+#define DLL_EXPORT __declspec(dllimport)
+#endif
+
+BOOL WINAPI DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
+{
+ if (ul_reason_for_call == DLL_PROCESS_ATTACH)
+ {
+ CreateProcessW(L"C:\\Windows\\System32\\calc.exe", NULL, NULL, NULL, FALSE, 0, NULL, NULL, NULL, NULL);
+ }
+
+ return TRUE;
+}
+
+BOOL SayHello(LPVOID lpUserData, DWORD nUserDataLen)
+{
+ MessageBoxW(NULL, L"Hello from payload!", L"Hello World!", MB_OK);
+ return TRUE;
+}
+
+BOOL SayCustom(LPVOID lpUserData, DWORD nUserDataLen)
+{
+ MessageBoxW(NULL, (LPCWSTR)lpUserData, L"Hello World!", MB_OK);
+ return TRUE;
+}
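Review bot: SayCustom casts lpUserData to LPCWSTR and passes it to MessageBoxW without ever reading nUserDataLen, so a NULL pointer or a buffer with no wide terminator inside the declared length is read past its end. Whether the caller guarantees termination is not visible in this patch, so the function should reject NULL and scan for the terminator within nUserDataLen / sizeof(WCHAR) characters before the call, as in the block below. Separately, DLL_EXPORT is defined but applied to neither SayHello nor SayCustom. The CreateProcessW call in DllMain ignores its return value and runs under the loader lock, which Microsoft's DllMain guidance advises against.

```c
BOOL SayCustom(LPVOID lpUserData, DWORD nUserDataLen)
{
    const WCHAR *text = (const WCHAR *)lpUserData;
    DWORD cch = nUserDataLen / sizeof(WCHAR);
    DWORD i = 0;

    if (text == NULL)
    {
        return FALSE;
    }

    /* Bounded scan: the terminator must lie inside the bytes the caller declared. */
    while (i < cch && text[i] != L'\0')
    {
        i++;
    }
    if (i == cch)
    {
        return FALSE;
    }

    MessageBoxW(NULL, text, L"Hello World!", MB_OK);
    /* … unchanged: return TRUE … */
}
```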